CVE-2019-0389

An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.

Published: Nov 13, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-0389
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_java	7.31	7.31.x
sap / netweaver_application_server_java	7.1	7.1.x
sap / netweaver_application_server_java	7.2	7.2.x
sap / netweaver_application_server_java	7.3	7.3.x
sap / netweaver_application_server_java	7.4	7.4.x
sap / netweaver_application_server_java	7.5	7.5.x

https://launchpad.support.sap.com/#/notes/2814357
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390

Vulnerability Database

289,784

CVE-2019-0389